Vulnerabilities (CVE)

Filtered by vendor Libsdl Subscribe
Total 46 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-2888 3 Canonical, Debian, Libsdl 3 Ubuntu Linux, Debian Linux, Simple Directmedia Layer 2024-11-21 6.8 MEDIUM 8.8 HIGH
An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
CVE-2017-2887 2 Debian, Libsdl 2 Debian Linux, Sdl Image 2024-11-21 6.8 MEDIUM 8.8 HIGH
An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability.
CVE-2020-14410 3 Debian, Fedoraproject, Libsdl 3 Debian Linux, Fedora, Simple Directmedia Layer 2024-06-27 5.8 MEDIUM 5.4 MEDIUM
SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.
CVE-2020-14409 4 Debian, Fedoraproject, Libsdl and 1 more 4 Debian Linux, Fedora, Simple Directmedia Layer and 1 more 2024-06-27 6.8 MEDIUM 7.8 HIGH
SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.
CVE-2022-4743 2 Libsdl, Redhat 2 Simple Directmedia Layer, Enterprise Linux 2024-02-04 N/A 7.5 HIGH
A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected.
CVE-2022-34568 1 Libsdl 1 Simple Directmedia Layer 2024-02-04 N/A 7.5 HIGH
SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c.
CVE-2021-33657 1 Libsdl 1 Simple Directmedia Layer 2024-02-04 6.8 MEDIUM 8.8 HIGH
There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution.
CVE-2022-27470 2 Fedoraproject, Libsdl 2 Fedora, Sdl Ttf 2024-02-04 6.8 MEDIUM 7.8 HIGH
SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.
CVE-2019-14906 2 Libsdl, Redhat 2 Simple Directmedia Layer, Enterprise Linux 2024-02-04 7.5 HIGH 9.8 CRITICAL
A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code.
CVE-2019-12217 1 Libsdl 2 Sdl2 Image, Simple Directmedia Layer 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c.
CVE-2019-12222 1 Libsdl 1 Simple Directmedia Layer 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c.
CVE-2019-12219 1 Libsdl 2 Sdl2 Image, Simple Directmedia Layer 2024-02-04 6.8 MEDIUM 8.8 HIGH
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c.
CVE-2019-5058 2 Libsdl, Opensuse 3 Sdl2 Image, Backports Sle, Leap 2024-02-04 6.8 MEDIUM 8.8 HIGH
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
CVE-2019-12220 1 Libsdl 2 Sdl2 Image, Simple Directmedia Layer 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c.
CVE-2019-12221 5 Canonical, Debian, Fedoraproject and 2 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.
CVE-2019-13626 4 Debian, Fedoraproject, Libsdl and 1 more 4 Debian Linux, Fedora, Libsdl and 1 more 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.
CVE-2019-5060 2 Libsdl, Opensuse 3 Sdl2 Image, Backports Sle, Leap 2024-02-04 6.8 MEDIUM 8.8 HIGH
An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
CVE-2019-12216 4 Canonical, Debian, Fedoraproject and 1 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.
CVE-2019-5051 4 Canonical, Debian, Libsdl and 1 more 5 Ubuntu Linux, Debian Linux, Sdl2 Image and 2 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
CVE-2019-5059 2 Libsdl, Opensuse 3 Sdl2 Image, Backports Sle, Leap 2024-02-04 6.8 MEDIUM 8.8 HIGH
An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.